﻿using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Http;

namespace lso_2u_Web应用开发.App_Code.MyActionFilters
{
    public class CheckSessionStringAttribute : ActionFilterAttribute
    {
        private readonly string _sessionKey;
        private readonly string _expectedValue;

        public CheckSessionStringAttribute(string sessionKey, string expectedValue)
        {
            _sessionKey = sessionKey;
            _expectedValue = expectedValue;
        }

        public override void OnActionExecuting(ActionExecutingContext context)
        {
            if (context.HttpContext.Session != null &&
                string.IsNullOrEmpty(context.HttpContext.Session.GetString(_sessionKey)) ||
                context.HttpContext.Session.GetString(_sessionKey) != _expectedValue)
            {
                context.Result = new RedirectResult("/AccessDeniedError");
            }
        }
    }
}
